Welcome to the kspec documentation. kspec is an enterprise-grade policy-as-code engine for security compliance scanning across cloud platforms, SaaS applications, and infrastructure.
- Quickstart Guide - Get up and running in 5 minutes
- Installation - Detailed installation instructions
- Writing Policies - Learn to write security policies
- Integration Guide - Using kspec as a Discovery Tool or Check Engine (CLI & Go API)
- Examples - Working code examples for discovery, scanning, and CI/CD
kspec supports multiple providers for scanning different platforms:
| Provider | Description | Guide |
|---|---|---|
| Network | TLS, certificates, DNS, HTTP security | Network Guide |
| Azure | Azure cloud resources and configurations | Azure Guide |
| Microsoft 365 | M365 identity, security, and compliance | MS365 Guide |
| GitHub | Organizations, repositories, and security settings | GitHub Guide |
| Hetzner Cloud | Servers, firewalls, networks, and storage | Hetzner Guide |
| Cloudflare | DNS, WAF, zones, and security settings | Cloudflare Guide |
| Atlassian | Jira, Confluence, and admin settings | Atlassian Guide |
- Discovery & Scanning - How resource discovery works
- Sub-Resources - Understanding resource hierarchies
- CEL Expressions - Writing policy queries
- CLI Reference - Command line options
- Policy Schema - Policy file format
- Security Policy - Reporting vulnerabilities